Dailydave mailing list archives
Re: Exploits matter.
From: dave <dave () immunityinc com>
Date: Wed, 07 Oct 2009 07:31:40 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This raises an interesting question. What is a "public" exploit? Buying CANVAS costs less than four thousand dollars and is (thankfully :>) a reasonably common thing for companies to have. If a working, 100% reliable exploit is in the hands of the ten thousand people who care, shouldn't that be considered "public"? It just seems weird to me that all the news articles on SMBv2 focus so much on whether or not you can download a working version of the exploit over the Internet, when all the people who could actually do anything with it already had it. - -dave dan () geer org wrote:
> > The summary is this: You may think increasing exploit costs > is a simply good thing. But the side effect of relying on > mitigations as opposed to software assurance is that it is > getting extremely expensive to avoid being drowned in the > noise. > The other side effect is that for exploitable vulnerabilities a rising fraction are privately held as the probability that you will give away something is inversely proportional to what it cost you to obtain it. --dan _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkrMfBwACgkQtehAhL0gherNMwCfQXm3RGhLwk5ETO4DCgw/a257 CA4Aniz2UpfFjt08SWBNvw+UROkO2hup =EizD -----END PGP SIGNATURE----- _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Exploits matter. dave (Oct 06)
- Re: Exploits matter. dan (Oct 07)
- Re: Exploits matter. dave (Oct 07)
- Re: Exploits matter. Matt Olney (Oct 07)
- Re: Exploits matter. Fuzzy Hoodie-Monster (Oct 08)
- Re: Exploits matter. Matt Olney (Oct 09)
- Re: Exploits matter. dave (Oct 07)
- Re: Exploits matter. Tom Parker (Oct 07)
- Re: Exploits matter. security curmudgeon (Oct 07)
- Re: Exploits matter. c0lists (Oct 07)
- Re: Exploits matter. security curmudgeon (Oct 07)
- Re: Exploits matter. c0lists (Oct 07)
- Re: Exploits matter. Matthew Wollenweber (Oct 08)
- Re: Exploits matter. dan (Oct 07)
- Message not available
- Re: Exploits matter. security curmudgeon (Oct 22)